Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware on Friends Computer


  • Please log in to reply
3 replies to this topic

#1 esteimle

esteimle

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 08 December 2010 - 10:07 AM

Hi all I'm posting here as my last resort for help :) I'm trying to help a friend clean her computer but so far it keeps coming back. Firefox and IE on her computer constantly show this popup from: http://holidaycontest.s3.amazonaws.com/home.html that says she won a $1000 Walmart Gift card. I could just block it I suppose by it makes me suspicious that there are other things lurking. Here's what I've tried so far:

Running spybot search and destroy several time including on restart (it found and removed virtumonde)
Uninstallilng firefox / reinstalling
disabling all plugins in firefox
removing all extension keys from the firefox extension settings in the registry
running trend micro house call
running combofix it reported "Bootkit TDL4 was found and disinfected"
installing and running chrome, oddly it was not able to connect to the internet it just hung
firefox also was having a problem hanging on connecting to the internet until I started it in safe-mode this made me suspicious about plugins

I know your forum says don't run combofix unless you know what you're doing but generally I do know what I'm doing, but I'm getting beaten here. Any help is greatly appreciated.

Thank you,
-Eric

Edited by Blade Zephon, 08 December 2010 - 11:17 PM.
Disabled link ~BZ


BC AdBot (Login to Remove)

 


#2 lnolte

lnolte

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 08 December 2010 - 08:27 PM

You are not alone, brother. I have the same symptoms. It seems to have started today. Along with opening the tab for a "gift card" it also seems to be a search hijacker. My Google results were hijacked to a different site. Any help from the community here would be greatly appreciated.

Thanks
Larry

#3 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:50 AM

Posted 08 December 2010 - 11:23 PM

Hello.

@ Inolte: Please start your own topic to avoid confusion.

@esteimle: For the benefit of others who may read this thread, please note the following:

ComboFix (CF for short) is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

You may find this topic informative - ComboFix usage, Questions, Help? - Look here

***************************************************

The issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread. Additionally, please post the ComboFix log that was generated when you ran the tool, so that your helper can analyze it.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (5-7 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#4 Joel Anderson

Joel Anderson

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 14 December 2010 - 09:28 AM

Any news guys??




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users